Hello.
I’m starting to learn to use LXD.
I’m using Manjaro Linux, and I have docker installed in this host.
So, installed LXD, init all default, and create my first two containers.
I fixed the ip for the containers.
After fixing the issue with docker and lxd networking (found a iptables command to fix it in a forum), now I’m able to reach the internet from inside the containters.
I can ping from both containers to the bridge, and to any ip address or name BUT I can’t ping one container from the other, and viceversa
So, what am I doing wrong? What info do you need to help me?
EDIT: I tested it in a Open SUSE installation and it works (no docker in the host), but I really need it fixed in my main computer
EDIT: the definition for my bridge
{
"config": {
"ipv4.address": "192.168.5.1/24",
"ipv4.nat": "true",
"ipv6.address": "none"
},
"description": "",
"name": "lxdbr0",
"type": "bridge",
"used_by": [
"/1.0/profiles/default",
"/1.0/instances/t1",
"/1.0/instances/t2"
],
"managed": true,
"status": "Created",
"locations": [
"none"
]
}
My iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:cslistener
ACCEPT tcp -- anywhere 172.18.0.11 tcp dpt:8125
ACCEPT tcp -- anywhere 172.18.0.11 tcp dpt:8094
ACCEPT tcp -- anywhere 172.18.0.11 tcp dpt:8092
ACCEPT tcp -- anywhere 172.18.0.26 tcp dpt:hbci
ACCEPT tcp -- anywhere 172.18.0.27 tcp dpt:d-s-n
ACCEPT tcp -- anywhere 172.18.0.29 tcp dpt:irdmi
ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:postgresql
ACCEPT tcp -- anywhere 172.18.0.4 tcp dpt:22300
ACCEPT tcp -- anywhere 172.18.0.5 tcp dpt:us-srv
ACCEPT tcp -- anywhere 172.18.0.6 tcp dpt:arepa-cas
ACCEPT tcp -- anywhere 172.18.0.13 tcp dpt:http
ACCEPT tcp -- anywhere 172.18.0.15 tcp dpt:http
ACCEPT tcp -- anywhere 172.18.0.16 tcp dpt:http
ACCEPT tcp -- anywhere 172.18.0.17 tcp dpt:commplex-main
ACCEPT tcp -- anywhere 172.18.0.16 tcp dpt:https
ACCEPT tcp -- anywhere 172.18.0.20 tcp dpt:trivnet1
ACCEPT tcp -- anywhere 172.18.0.3 tcp dpt:ssh
ACCEPT tcp -- anywhere 172.18.0.7 tcp dpt:sunproxyadmin
ACCEPT tcp -- anywhere 172.18.0.7 tcp dpt:http-alt
ACCEPT tcp -- anywhere 172.18.0.9 tcp dpt:8920
ACCEPT tcp -- anywhere 172.18.0.9 tcp dpt:8096
ACCEPT tcp -- anywhere 172.18.0.12 tcp dpt:https
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
RETURN all -- anywhere anywhere
and lxc list
+------+---------+----------------------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+---------+----------------------+------+-----------+-----------+
| t1 | RUNNING | 192.168.5.101 (eth0) | | CONTAINER | 0 |
+------+---------+----------------------+------+-----------+-----------+
| t2 | RUNNING | 192.168.5.102 (eth0) | | CONTAINER | 0 |
+------+---------+----------------------+------+-----------+-----------+